Navigation

As a security measure, pip will raise an exception when installing packages from
PyPI if those packages depend on packages not also hosted on PyPI.
In the future, PyPI will block uploading packages with such external URL dependencies directly. (#4187)

Removed support for uninstalling projects which have been installed using
distutils. distutils installed projects do not include metadata indicating
what files belong to that install and thus it is impossible to actually
uninstall them rather than just remove the metadata saying they’ve been
installed while leaving all of the actual files behind. (#2386)

Removed the deprecated --download option to pipinstall. (#2643)

Removed the deprecated –(no-)use-wheel flags to pipinstall and pipwheel. (#2699)

Add –no-color to pip. All colored output is disabled if this flag is
detected. (#2449)

pip uninstall now ignores the absence of a requirement and prints a warning.
(#3016, #4642)

Improved the memory and disk efficiency of the HTTP cache. (#3515)

Support for packages specifying build dependencies in pyproject.toml (see
PEP 518). Packages which
specify one or more build dependencies this way will be built into wheels in
an isolated environment with those dependencies installed. (#3691)

pip now supports environment variable expansion in requirement files using
only ${VARIABLE} syntax on all platforms. (#3728)

Allowed combinations of -q and -v to act sanely. Then we don’t need warnings
mentioned in the issue. (#4008)

Improve the error message for the common pipinstall./requirements.txt
case. (#4127)

Add support for the new @url syntax from PEP 508. (#4175)

Add setuptools version to the statistics sent to BigQuery. (#4209)

Report the line which caused the hash error when using requirement files.
(#4227)

Add a pip config command for managing configuration files. (#4240)

Allow pipdownload to be used with a specific platform when --no-deps
is set. (#4289)

Support build-numbers in wheel versions and support sorting with
build-numbers. (#4299)

Change pip outdated to use PackageFinder in order to do the version lookup so
that local mirrors in Environments that do not have Internet connections can
be used as the Source of Truth for latest version. (#4336)

pip now retries on more HTTP status codes, for intermittent failures.
Previously, it only retried on the standard 503. Now, it also retries on 500
(transient failures on AWS S3), 520 and 527 (transient failures on
Cloudflare). (#4473)

pip now displays where it is looking for packages, if non-default locations
are used. (#4483)

Display a message to run the right command for modifying pip on Windows
(#4490)

Add Man Pages for pip (#4491)

Make uninstall command less verbose by default (#4493)

Switch the default upgrade strategy to be ‘only-if-needed’ (#4500)

Installing from a local directory or a VCS URL now builds a wheel to install,
rather than running setup.pyinstall. Wheels from these sources are not
cached. (#4501)

Don’t log a warning when installing a dependency from Git if the name looks
like a commit hash. (#4507)

pip now displays a warning when it installs scripts from a wheel outside the
PATH. These warnings can be suppressed using a new –no-warn-script-location
option. (#4553)

Local Packages can now be referenced using forward slashes on Windows.
(#4563)

pip show learnt a new Required-by field that lists currently installed
packages that depend on the shown package (#4564)

Change documentation theme to be in line with Python Documentation (#4758)

Add auto completion of short options. (#4954)

Run ‘setup.py develop’ inside pep518 build environment. (#4999)

pip install now prints an error message when it installs an incompatible
version of a dependency. (#5000)

Added a way to distinguish between pip installed packages and those from the
system package manager in ‘pip list’. Specifically, ‘pip list -v’ also shows
the installer of package if it has that meta data. (#949)

Support the installation of wheels with non-PEP 440 version in their
filenames. (#4169)

Fall back to sys.getdefaultencoding() if locale.getpreferredencoding()
returns None in pip.utils.encoding.auto_decode. (#4184)

Fix a bug where SETUPTOOLS_SHIM got called incorrectly for relative path
requirements by converting relative paths to absolute paths prior to calling
the shim. (#4208)

Return the latest version number in search results. (#4219)

Improve error message on permission errors (#4233)

Fail gracefully when /etc/image_version (or another distro version file)
appears to exists but is not readable. (#4249)

Avoid importing setuptools in the parent pip process, to avoid a race
condition when upgrading one of setuptools dependencies. (#4264)

Fix for an incorrect freeze warning message due to a package being
included in multiple requirements files that were passed to freeze.
Instead of warning incorrectly that the package is not installed, pip now
warns that the package was declared multiple times and lists the name of each
requirements file that contains the package in question. (#4293)

Generalize help text for compile/no-compile flags. (#4316)

Handle the case when /etc is not readable by the current user by using a
hardcoded list of possible names of release files. (#4320)

Fixed a NameError when attempting to catch FileNotFoundError on
Python 2.7. (#4322)

Ensure USER_SITE is correctly initialised. (#4437)

Reinstalling an editable package from Git no longer assumes that the
master branch exists. (#4448)

This fixes an issue where when someone who tries to use git with pip but pip
can’t because git is not in the path environment variable. This clarifies the
error given to suggest to the user what might be wrong. (#4461)

BACKWARD INCOMPATIBLE Remove the attempted autodetection of requirement
names from URLs, URLs must include a name via #egg=.

DEPRECATIONpipinstall--egg have been deprecated and will be
removed in the future. This “feature” has a long list of drawbacks which
break nearly all of pip’s other features in subtle and hard-to-diagnose
ways.

Implementation of pep-503 data-requires-python. When this field is
present for a release link, pip will ignore the download when
installing to a Python version that doesn’t satisfy the requirement.

pipwheel now works on editable packages too (it was only working on
editable dependencies before); this allows running pipwheel on the result
of pipfreeze in presence of editable requirements. (#3695, #3291)

Load credentials from .netrc files. (#3715, #3569)

Add --platform, --python-version, --implementation and --abi
parameters to pipdownload. These allow utilities and advanced users to
gather distributions for interpreters other than the one pip is being run on.
(#3760)

Skip scanning virtual environments, even when venv/bin/python is a dangling
symlink.

Deprecate and no-op the --allow-external, --allow-all-external, and
--allow-unverified functionality that was added as part of PEP 438. With
changes made to the repository protocol made in PEP 470, these options are no
longer functional.

Provide a spinner showing that progress is happening when installing or
building a package via setup.py. This will alleviate concerns that
projects with unusually long build times have with pip appearing to stall.

Include the functionality of peep into pip, allowing hashes to be baked
into a requirements file and ensuring that the packages being downloaded
match one of those hashes. This is an additional, opt-in security measure
that, when used, removes the need to trust the repository.

Fix a bug causing pip to not select a wheel compiled against an OSX SDK later
than what Python itself was compiled against when running on a newer version
of OSX.

Add a new --prefix option for pipinstall that supports wheels and
sdists. (#3252)

Fixed issue regarding wheel building with setup.py using a different encoding
than the system. (#2042)

The detection of editable packages now relies on the presence of .egg-link
instead of looking for a VCS, so piplist-e is more reliable. (#3258)

Add the --prefix flag to pipinstall which allows specifying a root
prefix to use instead of sys.prefix. (#3252)

Allow duplicate specifications in the case that only the extras differ, and
union all specified extras together. (#3198)

Fix the detection of the user’s current platform on OSX when determining the
OSX SDK version. (#3232)

Prevent the automatically built wheels from mistakenly being used across
multiple versions of Python when they may not be correctly configured for
that by making the wheel specific to a specific version of Python and
specific interpreter. (#3225)

Emulate the SOABI support in wheels from Python 2.x on Python 2.x as closely
as we can with the information available within the interpreter. (#3075)

Don’t roundtrip to the network when git is pinned to a specific commit hash
and that hash already exists locally. (#3066)

Prefer wheels built against a newer SDK to wheels built against an older SDK
on OSX. (#3163)

Show entry points for projects installed via wheel. (#3122)

Improve message when an unexisting path is passed to –find-links option.
(#2968)

pip freeze does not add the VCS branch/tag name in the #egg=… fragment
anymore. (#3312)

Warn on installation of editable if the provided #egg=name part does not
match the metadata produced by setup.py egg_info. (#3143)

Add support for .xz files for python versions supporting them (>= 3.3). (#722)

Upgrade distlib to 0.2.1.
- Updated launchers to decode shebangs using UTF-8. This allows non-ASCII
pathnames to be correctly handled.
- Ensured that the executable written to shebangs is normcased.
- Changed ScriptMaker to work better under Jython.

BACKWARD INCOMPATIBLE Requirements in requirements files containing
markers must now be quoted due to parser changes. For example, use
"SomeProject;python_version<'2.7'", not simply
SomeProject;python_version<'2.7' (#2697, #2725)

get-pip.py now installs the “wheel” package, when it’s not already
installed. (#2800)

Removed the temporary modifications (that began in pip v1.4 when distribute
and setuptools merged) that allowed distribute to be considered a conflict to
setuptools. pipinstall-Usetuptools will no longer upgrade “distribute”
to “setuptools”. Instead, use pipinstall-Udistribute. (#2767)

Only display a warning to upgrade pip when the newest version is a final
release and it is not a post release of the version we already have
installed. (#2766)

Display a warning when attempting to access a repository that uses HTTPS when
we don’t have Python compiled with SSL support. (#2761)

Allowing using extras when installing from a file path without requiring the
use of an editable. (#2785)

Fix an infinite loop when the cache directory is stored on a file system
which does not support hard links. (#2796)

Remove the implicit debug log that was written on every invocation, instead
users will need to use --log if they wish to have one. (#2798)

Fixes upgrades failing when no potential links were found for dependencies
other than the current installation. (#2538, #2502)

Use a smoother progress bar when the terminal is capable of handling it,
otherwise fallback to the original ASCII based progress bar.

Display much less output when pip install succeeds, because on success,
users probably don’t care about all the nitty gritty details of compiling and
installing. When pip install fails, display the failed install output once
instead of twice, because once is enough. (#2487)

Upgrade the bundled copy of requests to 2.6.0, fixing CVE-2015-2296.

Display format of latest package when using piplist--outdated. (#2475)

Don’t use pywin32 as ctypes should always be available on Windows, using
pywin32 prevented uninstallation of pywin32 on Windows. (PR #2467)

Normalize the --wheel-dir option, expanding out constructs such as ~
when used. (#2441)

Display a warning when an undefined extra has been requested. (#2142)

Speed up installing a directory in certain cases by creating a sdist instead
of copying the entire directory. (#2535)

Don’t follow symlinks when uninstalling files (#2552)

Upgrade the bundled copy of cachecontrol from 0.11.1 to 0.11.2. (#2481, #2595)

Attempt to more smartly choose the order of installation to try and install
dependencies before the projects that depend on them. (#2616)

Skip trying to install libraries which are part of the standard library.
(#2636, #2602)

Support arch specific wheels that are not tied to a specific Python ABI.
(#2561)

Output warnings and errors to stderr instead of stdout. (#2543)

Adjust the cache dir file checks to only check ownership if the effective
user is root. (#2396)

Install headers into a per project name directory instead of all of them into
the root directory when inside of a virtual environment. (#2421)

PROCESS Version numbers are now simply X.Y where the leading 1
has been dropped.

BACKWARD INCOMPATIBLE Dropped support for Python 3.1.

BACKWARD INCOMPATIBLE Removed the bundle support which was deprecated in
1.4. (#1806)

BACKWARD INCOMPATIBLE File lists generated by pip show -f are now
rooted at the location reported by show, rather than one (unstated)
directory lower. (#1933)

BACKWARD INCOMPATIBLE The ability to install files over the FTP protocol
was accidentally lost in pip 1.5 and it has now been decided to not restore
that ability.

BACKWARD INCOMPATIBLE PEP 440 is now fully implemented, this means that
in some cases versions will sort differently or version specifiers will be
interpreted differently than previously. The common cases should all function
similarly to before.

DEPRECATIONpipinstall--download-cache and
pipwheel--download-cache command line flags have been deprecated and
the functionality removed. Since pip now automatically configures and uses
it’s internal HTTP cache which supplants the --download-cache the
existing options have been made non functional but will still be accepted
until their removal in pip v8.0. For more information please see
https://pip.pypa.io/en/stable/reference/pip_install.html#caching

DEPRECATIONpipinstall--build and pipinstall--no-clean are now
NOT deprecated. This reverses the deprecation that occurred in v1.5.3.
(#906)

DEPRECATION Implicitly accessing URLs which point to an origin which is
not a secure origin, instead requiring an opt-in for each host using the new
--trusted-host flag (pipinstall--trusted-hostexample.comfoo).

Allow the new --trusted-host flag to also disable TLS verification for
a particular hostname.

Added a --user flag to pipfreeze and piplist to check the
user site directory only.

Silence byte compile errors when installation succeed. (#1873)

Added a virtualenv-specific configuration file. (#1364)

Added site-wide configuration files. (1978)

Added an automatic check to warn if there is an updated version of pip
available. (#2049)

wsgiref and argparse (for >py26) are now excluded from pip list and
pip freeze. (#1606, #1369)

Add --client-cert option for SSL client certificates. (#1424)

pip show –files was broken for wheel installs. (#1635, #1484)

install_lib should take precedence when reading distutils config.
(#1642, #1641)

Send Accept-Encoding: identity when downloading files in an attempt to
convince some servers who double compress the downloaded file to stop doing
so. (#1688)

Stop breaking when given pip commands in uppercase (#1559, #1725)

Pip no longer adds duplicate logging consumers, so it won’t create duplicate
output when being called multiple times. (#1618, #1723)

pip wheel now returns an error code if any wheels fail to build. (#1769)

BACKWARD INCOMPATIBLE pip no longer supports the --use-mirrors,
-M, and --mirrors flags. The mirroring support has been removed. In
order to use a mirror specify it as the primary index with -i or
--index-url, or as an additional index with --extra-index-url.
(#1098, CVE-2013-5123)

BACKWARD INCOMPATIBLE pip no longer will scrape insecure external urls by
default nor will it install externally hosted files by default. Users may opt
into installing externally hosted or insecure files or urls using
--allow-externalPROJECT and --allow-unverifiedPROJECT. (#1055)

BACKWARD INCOMPATIBLE pip no longer respects dependency links by default.
Users may opt into respecting them again using --process-dependency-links.

DEPRECATIONpipinstall--no-install and pipinstall--no-download are now formally deprecated. See #906 for discussion on
possible alternatives, or lack thereof, in future releases.

Archive contents are now written based on system defaults and umask (i.e.
permissions are not preserved), except that regular files with any execute
permissions have the equivalent of “chmod +x” applied after being written.
(#1133, #317, #1146)

PreviousBuildDirError now returns a non-zero exit code and prevents the
previous build dir from being cleaned in all cases. (#1162)

Renamed –allow-insecure to –allow-unverified, however the old name will
continue to work for a period of time. (#1257)

Fixed an error when installing local projects with symlinks in Python 3.
(#1006, #1311)

The previously hidden --log-file option, is now shown as a general option.
(#1316)

To satisfy pip’s setuptools requirement, pip now recommends setuptools>=0.8,
not distribute. setuptools and distribute are now merged into one project
called ‘setuptools’. (#1003)

pip will now warn when installing a file that is either hosted externally to
the index or cannot be verified with a hash. In the future pip will default
to not installing them and will require the flags –allow-external NAME, and
–allow-insecure NAME respectively. (#985)

If an already-downloaded or cached file has a bad hash, re-download it rather
than erroring out. (#963)

pipbundle and support for installing from pybundle files is now
considered deprecated and will be removed in pip v1.5.

Fix a number of issues related to cleaning up and not reusing build
directories. (#413, #709, #634, #602, #939, #865, #948)

Added a User Agent so that pip is identifiable in logs. (#901)

Added ssl and –user support to get-pip.py. Thanks Gabriel de Perthuis.
(#895)

Errors from subprocesses will display the current working directory.
Thanks Antti Kaihola.

Fixed compatibility with Subversion 1.7. Thanks Qiangning Hong. Note that
setuptools remains incompatible with Subversion 1.7; to get the benefits of
pip’s support you must use Distribute rather than setuptools. (#369)

pip install -U no longer reinstalls the same versions of packages. Thanks
iguananaut for the pull request. (#49)

Removed -E/--environment option and PIP_RESPECT_VIRTUALENV;
both use a restart-in-venv mechanism that’s broken, and neither one is
useful since every virtualenv now has pip inside it. Replace pip-Epath/to/venvinstallFoo with virtualenvpath/to/venv&&path/to/venv/pipinstallFoo.

Fixed pip throwing an IndexError when it calls scraped_rel_links. (#366)

Support tab-completion when there is a global-option before the
subcommand.

Install header files in standard (scheme-default) location when installing
outside a virtualenv. Install them to a slightly more consistent
non-standard location inside a virtualenv (since the standard location is
a non-writable symlink to the global location).

pip now logs to a central location by default (instead of creating
pip-log.txt all over the place) and constantly overwrites the
file in question. On Unix and macOS this is '$HOME/.pip/pip.log'
and on Windows it’s '%HOME%\\pip\\pip.log'. You are still able to
override this location with the $PIP_LOG_FILE environment variable.
For a complete (appended) logfile use the separate '--log' command line
option.

Fixed an issue with Git that left an editable package as a checkout of a
remote branch, even if the default behaviour would have been fine, too.

Fixed installing from a Git tag with older versions of Git.

Expand “~” in logfile and download cache paths.

Speed up installing from Mercurial repositories by cloning without
updating the working copy multiple times.

Added an option --install-option to pass options to pass
arguments to setup.pyinstall

.svn/ directories are no longer included in bundles, as these
directories are specific to a version of svn – if you build a
bundle on a system with svn 1.5, you can’t use the checkout on a
system with svn 1.4. Instead a file svn-checkout.txt is
included that notes the original location and revision, and the
command you can use to turn it back into an svn checkout. (Probably
unpacking the bundle should, maybe optionally, recreate this
information – but that is not currently implemented, and it would
require network access.)

Avoid ambiguities over project name case, where for instance
MyPackage and mypackage would be considered different packages.
This in particular caused problems on Macs, where MyPackage/ and
mypackage/ are the same directory.

Added support for an environmental variable
$PIP_DOWNLOAD_CACHE which will cache package downloads, so
future installations won’t require large downloads. Network access
is still required, but just some downloads will be avoided when
using this.